SonarScanner for MSBuild with Azure Pipelines : Sonar "End" failing to push data to Sonar server

Hello World,

Greetings of the day. I am running a Sonar Scanner for a C# project and integrating into an Azure CICD pipeline.

Following are my configuration details:

• Sonar Server:

URL : https://sonarqube.sapphirepri.com
It is Community Edition Version 7.6 (build 21501) and hosted on an AWS instance, behind an ELB or Ngnix load balancer.
Token-based authentication is disabled for accessing the sonar server, the only way to access is using login/password combination. Hence, we cannot use the Sonar scanner plugin for Azure-Devops.

• Sonar Scanner
  I have downloaded and extracted: sonar-scanner-msbuild-4.6.2.2108-net46 from this URL: SonarScanner for .NET and followed the mentioned instructions.

• Project details:
  It is a C# based desktop application, target .Net Framework is 4.6.2.
  We are using VS 2017 to build the project for analysis.
  The build server is a Windows Server 2012 machine, that is running behind a closed network. Required proxies are enabled.
  The server is configured to run VSTS build agents.
  We have SONAR_SCANNER_OPTS variable set to use -Dhttps proxies. that I can see beingv passed on the scanner-end logs.

• What’s been done:

1. Configured using PowerShell sonar-scanner to run the begin step. This works fine and I can see the necessary initialization completed.
   Here’s the inline command:

cd $sourcePath
$sonarBegin = C:\Tools\sonar-scanner-msbuild-4.6.2.2108-net46\SonarScanner.MSBuild.exe begin /k:“application-name” /v:“1.0” /d:sonar.host.url=“https://sonarqube.sapphirepri.com” /d:sonar.login=“username” /d:sonar.password=“” /d:sonar.verbose=true

2. Project build step: Works fine. The build is successful.

3. Sonar End command. The command in bold below is to enable TLS 1.2 protocol on the build server and fetching the Invoke-WebRequest status, which is alternate to the ‘curl’ command. I can see status code as 200 (success) in the logs.

cd $sourcePath
#Enabling TLS 1.2 Protocol and getting web-status
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
$webRequest = Invoke-WebRequest “https://sonarqube.sapphirepri.com/”
$statusCode = $webRequest.StatusCode
$sonarEnd = C:\Tools\sonar-scanner-msbuild-4.6.2.2108-net46\SonarScanner.MSBuild.exe end /d:sonar.login=“username” /d:sonar.password=“$(SonarPassword)”

• What’s not working:
  The Sonar-End command fails. Here’s what I’m seeing in the logs:

INFO: EXECUTION FAILURE 19:40:13.405 INFO: ------------------------------------------------------------------------ 19:40:13.405 ERROR: SonarQube server [https://sonarqube.sapphirepri.com] can not be reached 19:40:13.405 INFO: Total time: 5.672s 19:40:13.421 INFO: Final Memory: 12M/1472M 19:40:13.421 INFO: ------------------------------------------------------------------------ 19:40:13.421 ERROR: Error during

SonarQube Scanner execution
2019-09-23T23:40:13.5148523Z org.sonarsource.scanner.api.internal.ScannerException: Unable to execute SonarQube
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:85)
2019-09-23T23:40:13.5148523Z at java.security.AccessController.doPrivileged(Native Method)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:74)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.createLauncher(IsolatedLauncherFactory.java:70)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.EmbeddedScanner.doStart(EmbeddedScanner.java:181)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.EmbeddedScanner.start(EmbeddedScanner.java:122)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.cli.Main.execute(Main.java:73)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.cli.Main.main(Main.java:61)
2019-09-23T23:40:13.5148523Z Caused by: java.lang.IllegalStateException: Fail to get bootstrap index from server
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:42)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.internal.JarDownloader.getScannerEngineFiles(JarDownloader.java:58)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.internal.JarDownloader.download(JarDownloader.java:53)
2019-09-23T23:40:13.5148523Z at org.sonarsource.scanner.api.internal.IsolatedLauncherFactory.lambda$createLauncher$0(IsolatedLauncherFactory.java:76)
2019-09-23T23:40:13.5148523Z … 7 more
2019-09-23T23:40:13.5148523Z Caused by: java.net.SocketException: Can’t connect to SOCKS proxy:connect timed out
2019-09-23T23:40:13.5148523Z at java.net.SocksSocketImpl.connect(Unknown Source)
2019-09-23T23:40:13.5148523Z at java.net.Socket.connect(Unknown Source)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.platform.Platform.connectSocket(Platform.java:129)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectSocket(RealConnection.java:245)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connectTunnel(RealConnection.java:217)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.RealConnection.connect(RealConnection.java:159)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findConnection(StreamAllocation.java:257)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.findHealthyConnection(StreamAllocation.java:135)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.StreamAllocation.newStream(StreamAllocation.java:114)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.connection.ConnectInterceptor.intercept(ConnectInterceptor.java:42)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.cache.CacheInterceptor.intercept(CacheInterceptor.java:93)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.BridgeInterceptor.intercept(BridgeInterceptor.java:93)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RetryAndFollowUpInterceptor.intercept(RetryAndFollowUpInterceptor.java:126)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:147)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.internal.http.RealInterceptorChain.proceed(RealInterceptorChain.java:121)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.getResponseWithInterceptorChain(RealCall.java:200)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.shaded.okhttp.RealCall.execute(RealCall.java:77)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.ServerConnection.callUrl(ServerConnection.java:113)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.ServerConnection.downloadString(ServerConnection.java:98)
2019-09-23T23:40:13.5304777Z at org.sonarsource.scanner.api.internal.BootstrapIndexDownloader.getIndex(BootstrapIndexDownloader.java:39)
2019-09-23T23:40:13.5304777Z … 10 more
2019-09-23T23:40:13.5304777Z Process returned exit code 1 The SonarQube Scanner did not complete successfully
2019-09-23T23:40:13.5304777Z 19:40:13.467 Post-processing failed. Exit code: 1
2019-09-23T23:40:13.5304777Z
2019-09-23T23:40:13.5304777Z ##[error]Process completed with exit code 1.
2019-09-23T23:40:13.5304777Z ##[section]Finishing: SonarScanner : End

Another interesting finding:

• We were able to push sonar analysis to the dashboard.This happened after enabling the system HTTPS proxy for Java in the system environment variables. (-Dhttps.proxyHost=xxx.yyy.zzz.aa). However, after running 3-4 scans it started breaking again. There were no changes made to the system.

• Another team that has its build server on an open network, i.e outside our company network is able to push sonar results on the same Sonar server fine. They’re building similar .Net application and using similar sonar-scanner for msbuild commands and using Team City in place of Azure.

We have hit a roadblock and any suggestion to fix this would be greatly appreciated

Regards,
Arnab

Hi @arnumb,

Could you please elaborate more about this ? Because afaik, it’s not possible to disabled user token authentication.

Regards

Hi,

We received an update from the team managing our Sonar server about LDAP authentication being added and that all token-based authentication are being revoked.

• “Old Personal Tokens are revoked. As a reminder we should not be creating personal tokens in SonarQube”
• All old credentials ARE DEACTIVATED and by proxy so are custom tokens; you will need to switch over to your PRIOPS credentials after this update.

I’m not aware of the reason or logic behind this change but after the update the ask was to pass our credentials to the sonar url to access the server

Regards.

This is really not a good news for you as user tokens are the best way to authenticate your analysis.
You should ask the team managing your SonarQube server to allow you to use tokens in order for you to correctly use SonarQube. Or maybe you should ask them to resolve your issue.

Thank you for the suggestion, I will write this to the team managing the Sonar server but making an exception seems an unlikely option here. I’m able to login and access the Sonar server from the build server using my login-id/password combination.

Are you able to suspect anything else from the shared log or description?

Looking deeper in your logs error, you seems to have an issue with your Proxy. You should ask your the team managing your SonarQube server to have in look at this error.